1. Field of the Invention
The present invention relates generally to modeling methods, and in particular, to a method for representing security features of a distributed system.
2. Background Art
Organizations are delivering an increasing number of services over the Internet or internal versions thereof. For many, the situation is further complicated as they adopt new information technologies such as directories, which themselves might be important components of a security design. These services can now be distributed across multiple networks or geographical locations, and be deployed within multi-tier configurations. It is also not unusual to find different security policies in effect depending on the location or responsible owner of a service. Many organizations must adapt to new methods of delivery, to an accompanying increased complexity in their systems and system designs, and to new classes of threats that follow from allowing wider and different styles of access to the organization's data and services. In such environments, having tight, clear descriptions of both system and security designs is invaluable. Yet, system-level security is remarkably resistant to being described piecemeal; the security of each piece is dependent on the security of many others. As such, it is difficult to develop a clear understanding of the security position of a system without the aid of diagrams which show its high-level security architecture. Visual representations can depict where security mechanisms are positioned, how security mechanisms relate to the system design, and how security requirements are met. A diagram of a system's security position would improve communications, not only between security engineers and architects and their systems engineering counterparts, but also with others who have a vested interest in a system's security.
The ability to convey the essence of a security design visually, while following some formalism for constructing its visual representation, is not available. Even where security features are pictured, for instance in a network diagram, the features themselves usually give only vague hints as to the actual security posture in place. There is no existing work that attempts to build models or diagrams depicting security features using a formalized or repeatable method.
What is needed, therefore, is a method for representing security features of a distributed system that provides a model builder with the ability to convey a large amount of security-relevant information, while at the same time melting away much of the detail that would obscure the diagram's readability, and thus its impact. The present invention satisfies these and other needs, and provides further related advantages, as will be made apparent by the description of the present invention that follows.